Here’s another way to create a firewall in GCP using network tag as targets.
gcloud compute firewall-rules create "firewall-name" \ --description="egress rule to allow port 8000 to destination" \ --priority "1000" \ --direction EGRESS \ --action allow \ --network "your-network" \ --target-tags="your-network-tag" \ --destination-ranges="10.0.0.1/32" \ --rules tcp:8000 |